Morrisons Declared Liable for Payroll Data Leak

Supermarket chain Morrisons has lost its appeal against a High Court ruling

23rd Oct 12:30

Supermarket chain Morrisons has lost its appeal against a High Court ruling that found it liable for a data leak by a former employee.

The Court of Appeal has upheld a December 2017 High Court ruling against Morrisons, which held the supermarket chain liable for a data breach caused by a disgruntled employee in 2014.

The employee posted online the payroll information of thousands of workers, resulting in more than 5,000 employees claiming against the retailer and demanding compensation.

Nick McAleenan, a partner and data privacy law specialist at JMW Solicitors, who represents the 5,518 claimants, said they had held one of the UK’s biggest organisations to account and won.

However, Morrisons has responded to the ruling by saying it now plans to take its appeal to the Supreme Court.

The organisation stated: “A former employee of Morrisons used his position to steal data about our colleagues and then place it on the internet and he has been found guilty for his crimes. The courts have found that we are responsible for the actions of that former employee, even though his criminal actions were targeted at the company and our colleagues.

“We believe we should not be held responsible, so that is why we will now appeal to the Supreme Court.”

Representatives of the cybersecurity industry said the Appeal Court’s ruling underlines the fact that organisations are ultimately responsible for the personal data they hold.

This case highlights the necessity for businesses to implement secure employee culture, to protect themselves against both external and insider threats, or face the consequences.